db-derby-commits mailing list archives

From chaa...@apache.org
Subject svn commit: r1326631 - in /db/derby/docs/trunk/src: adminguide/ ref/
Date Mon, 16 Apr 2012 14:35:09 GMT
Author: chaase3
Date: Mon Apr 16 14:35:08 2012
New Revision: 1326631

URL: http://svn.apache.org/viewvc?rev=1326631&view=rev
Log:
DERBY-522  Document the NATIVE authentication scheme.

Modified 6 Admin Guide topics and one Reference Manual topic.

Patch: DERBY-5522-4.diff

Modified:
    db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811695.dita
    db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
    db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita
    db/derby/docs/trunk/src/adminguide/radmindrdasecmechanism.dita
    db/derby/docs/trunk/src/ref/rrefattribsecmech.dita

Modified: db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps49914.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps49914.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps49914.dita Mon Apr 16 14:35:08 2012
@@ -26,7 +26,7 @@ and</indexterm></indexterm><indexterm>or
 by Network Server</indexterm></indexterm><indexterm>Network Server<indexterm>supported
 security properties</indexterm></indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY</indexterm>
 <indexterm>org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY</indexterm>
-<indexterm>org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY</indexterm></keywords>
+</keywords>
 </metadata></prolog>
 <conbody>
 <p>When running <ph conref="../conrefs.dita#prod/productshortname"></ph>
in
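
Review bot: the dropped <indexterm> for STRONG_PASSWORD_SUBSTITUTE_SECURITY at the end of the <keywords> block is a removal that the log message does not mention; the log only says the NATIVE authentication scheme is being documented. Suggest adding a line to the log stating that the strong password substitution mechanism is being taken out of the guides, and why. The log also cites DERBY-522 while the patch is named DERBY-5522-4.diff, so the issue key is worth checking.
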
@@ -43,10 +43,6 @@ supports the following security properti
 All other mechanisms require you to specify both the user name and the password.</p></li>
 <li>Encrypted UserID and encrypted password (<i>org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY</i>)
   <p>When using this mechanism, both password and
 user id are encrypted.</p></li>
-<li>Strong password substitution (<i>org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY</i>)
-<p>When using this mechanism, a strong password substitute is generated and 
-used to authenticate the user with the network server. The original password is 
-never sent in any form across the network.</p></li>
 </ul>
 <p>The user's name that is specified upon connection is the default schema
 for the connection, if a schema with that name exists. See the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>
for
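
Review bot: with the strong password substitution item gone, the ENCRYPTED_USER_AND_PASSWORD_SECURITY item is the only remaining entry in this list that protects the password in transit, yet it says only that "both password and user id are encrypted". Suggest adding a cross-reference from that item to "Enabling the encrypted user ID and password security mechanism", where the JCE Diffie-Hellman requirement is stated, so readers see the constraint before choosing it. "UserID" in the item's lead-in and "user id" in its paragraph could also be made consistent.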

Modified: db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811631.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811631.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811631.dita Mon Apr 16 14:35:08 2012
@@ -23,11 +23,10 @@ Network Server</title>
 </prolog>
 <conbody>
 <p>When user authentication is enabled in 
-<ph conref="../conrefs.dita#prod/productshortname"></ph>, you can use any of
+<ph conref="../conrefs.dita#prod/productshortname"></ph>, you can use either
of
 the following security mechanisms:</p>
 <ul>
 <li>Clear text user name and password security, the default</li>
-<li>Strong password substitute security </li>
 <li>Encrypted user name and password security</li>
 </ul>
 </conbody></concept>
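
Review bot: the list now offers only clear text (marked "the default") and encrypted user name and password, and nothing in this topic tells the reader that the default sends the password unprotected. Suggest a sentence after the <ul> pointing to the SSL/TLS recommendation that radminappsclientxmp.dita carries in its important note. The change from "any of" to "either of" is correct for a two-item list.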

Modified: db/derby/docs/trunk/src/adminguide/cadminapps811695.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811695.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811695.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811695.dita Mon Apr 16 14:35:08 2012
@@ -28,11 +28,9 @@ Server</indexterm></indexterm><indexterm
 <p>To use the encrypted user ID and password security mechanism,
 you need a Java environment with a JCE (Java Cryptography Extension)
 which supports the Diffie-Hellman algorithm with a public prime of
-256 bits. The Sun Java Platform, Standard Edition, Version
-1.4 (J2SE) and later requires a public prime of 512 bits or
-more. An alternative mechanism if the 256 bit public prime is not
-supported, is <i>STRONG_PASSWORD_SUBSTITUTE_SECURITY</i>.
-</p>
+256 bits. The Sun Java Platform, Standard Edition (Java SE), Version
+1.4 and later requires a public prime of 512 bits or
+more.</p>
 <p>To use the encrypted user id and password security mechanism during
 JDBC connection using the network client, specify the <codeph>securityMechanism</codeph>
in
 the connection property. <note>If an encrypted database is booted in
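
Review bot: the rewritten paragraph still says the mechanism needs a JCE that supports a Diffie-Hellman public prime of 256 bits and, in the next sentence, that Java SE 1.4 and later requires 512 bits or more; with the STRONG_PASSWORD_SUBSTITUTE_SECURITY alternative deleted, the reader is no longer told what to do when the 256-bit prime is not supported. Suggest stating which Java environments the mechanism works on and naming whatever replaces the deleted fallback. "user ID" in this paragraph and "user id" in the following one should also match.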

Modified: db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita Mon Apr 16 14:35:08 2012
@@ -72,17 +72,6 @@ is specified.</p>
 <entry colname="col3">Default if password is not set</entry>
 </row>
 <row>
-<entry colname="col1">Strong password substitution</entry>
-<entry colname="col2">ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY
-(0x08)</entry>
-<entry colname="col3">Strong password substitution can be used only with
-<ph conref="../conrefs.dita#prod/productshortname"></ph>'s BUILTIN
-authentication mechanism or with authentication disabled. Also, for the BUILTIN
-mechanism, strong password substitution does not work for database-level users
-whose password has been protected by a custom message digest algorithm specified
-by the <i>derby.authentication.builtin.algorithm</i> property.</entry>
-</row>
-<row>
 <entry colname="col1">Encrypted user id and encrypted password</entry>
 <entry colname="col2">ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY
 (0x09)</entry>

Modified: db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita Mon Apr 16 14:35:08 2012
@@ -22,23 +22,21 @@ limitations under the License.
 <refbody>
 <section>
 <p>The following examples specify the user and password URL attributes. 
-To enable user authentication, the  property <i>derby.connection.requireAuthentication</i>
-must be set to true, otherwise, <ph conref="../conrefs.dita#prod/productshortname"></ph>
+To enable user authentication, you must either use NATIVE authentication or
+explicitly set the property <i>derby.connection.requireAuthentication</i>
+to true. Otherwise, <ph conref="../conrefs.dita#prod/productshortname"></ph>
 does not require a user name and password. For details on how to enable
-user authentication, please see "Working with user authentication" in the
+user authentication, see "Working with user authentication" in the
 <ph conref="../conrefs.dita#pub/citdevelop"/>.</p>
-<p>For a multi-user product, you would
-typically set it for the system in the <i>derby.properties</i> file for your
-server, since it is in a trusted environment. Below is a sample
-<i>derby.properties</i> file that conforms to these examples:
-<codeblock>derby.connection.requireAuthentication=true
-derby.authentication.provider=BUILTIN
-derby.user.judy=no12see</codeblock></p>
-<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes. It is strongly recommended that production systems rely on LDAP or a
+<p>For a multi-user product, you would typically specify authentication for the
+system in the <i>derby.properties</i> file for your
+server, since it is in a trusted environment. The following property setting
+specifies NATIVE authentication:</p>
+<codeblock>derby.authentication.provider=NATIVE:myCredentialsDB:LOCAL</codeblock>
+<p><note type="important">It is strongly recommended that production systems
+rely on NATIVE authentication, an external directory service such as LDAP, or a
 user-defined class for authentication. It is also strongly recommended that
-production systems protect network connections with SSL/TLS.</note>
+production systems protect network connections with SSL/TLS.</note></p>
 </section>
 <section><title>Example 1</title><p>The following example connects
to the
 default server name localhost on the default port, 1527, and to the database
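
Review bot: the deleted sample derby.properties was the only place that defined user judy with password no12see, and the examples below still connect with user=judy and password=no12see; the new NATIVE setting does not say where those credentials now come from or what myCredentialsDB refers to. Suggest one sentence after the new <codeblock> explaining what myCredentialsDB names and where judy has to be defined for the examples to work. The old text said the sample file "conforms to these examples", and the new wording drops that link without replacing it.
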
@@ -51,21 +49,10 @@ password=no12see</codeblock></p></sectio
 <section><title>Example 3</title><p>This example connects to the
default server
 name localhost on the default port, 1527, and includes the path in the database
 name portion of the URL.</p><codeblock>jdbc:derby://localhost:1527/c:/my-db-dir/my-db-name;user=judy;
-password=no12see</codeblock></section>
-<section><title>Example 4</title><p>The following example shows how
to use
-the network client driver to connect the network client to the Network Server:</p><codeblock>String
databaseURL = "jdbc:derby://localhost:1527/sample";
-<b>//
-// Load Derby Network Client driver class.
-// If you are running on JDK 6 or higher, you do not
-// need to invoke Class.forName(). In that environment, the
-// network client driver loads automatically.
-//</b>
-Class.forName("org.apache.derby.jdbc.ClientDriver");
-<b>// Set user and password properties</b>
-Properties properties = new Properties();
-properties.setProperty("user", "judy");
-properties.setProperty("password", "no12see");
-<b>// Get a connection</b>
-Connection conn = DriverManager.getConnection(databaseURL, properties);</codeblock></section>
+password=no12see</codeblock>
+<p>For a programming example that shows how to connect to the server using
+NATIVE authentication, see "NATIVE authentication and SQL authorization example"
+in the <ph conref="../conrefs.dita#pub/citdevelop"/>.</p>
+</section>
 </refbody>
 </reference>
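
Review bot: the new cross-reference paragraph sits inside the Example 3 <section>, after its <codeblock>, so it renders as part of Example 3 although it replaces the deleted Example 4 and applies to the whole topic. Suggest moving it into its own <section> after Example 3. Since Example 4 was the only sample here that passed user and password through a Properties object rather than in the URL, confirm that the topic it points to covers that usage.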

Modified: db/derby/docs/trunk/src/adminguide/radmindrdasecmechanism.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radmindrdasecmechanism.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radmindrdasecmechanism.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radmindrdasecmechanism.dita Mon Apr 16 14:35:08 2012
@@ -25,17 +25,18 @@ limitations under the License.
 </keywords>
 </metadata></prolog>
 <refbody>
-<section>The derby.drda.securityMechanism property restricts the client connections
-based on the security mechanism. <p>If the derby.drda.securityMechanism property
+<section><p>The <codeph>derby.drda.securityMechanism</codeph> property
restricts
+the client connections based on the security mechanism.</p>
+<p>If the <codeph>derby.drda.securityMechanism</codeph> property
 is set to a valid mechanism, the Network Server accepts only connections which
 use that security mechanism. No other types of connections are accepted. 
-If the derby.drda.securityMechanism property is not set, the Network Server
+If the <codeph>derby.drda.securityMechanism</codeph> property is not set, the
+Network Server
 accepts any connection which uses a valid security mechanism.</p></section>
 <refsyn><title>Syntax</title><codeblock><ph>derby.drda.securityMechanism
= [ 
     USER_ONLY_SECURITY | 
     CLEAR_TEXT_PASSWORD_SECURITY | 
-    ENCRYPTED_USER_AND_PASSWORD_SECURITY | 
-    STRONG_PASSWORD_SUBSTITUTE_SECURITY 
+    ENCRYPTED_USER_AND_PASSWORD_SECURITY
 ] </ph></codeblock> </refsyn>
 <section><title>Default</title><p>None. </p> </section>
 <example> <title>Example</title><codeblock><b>derby.drda.securityMechanism=USER_ONLY_SECURITY
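
Review bot: the Example at the end of the hunk still sets derby.drda.securityMechanism=USER_ONLY_SECURITY, and the Default section says None, which per the paragraph above means the server accepts any connection that uses a valid mechanism. For a topic whose purpose is restricting client connections, suggest that the example use ENCRYPTED_USER_AND_PASSWORD_SECURITY, or add a sentence on which value to choose when user authentication is enabled. The <codeph> markup and the <p> wrapper around the first sentence are good fixes.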

Modified: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribsecmech.dita?rev=1326631&r1=1326630&r2=1326631&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefattribsecmech.dita Mon Apr 16 14:35:08 2012
@@ -33,10 +33,6 @@ for client access to the Network Server.
 two are defaults that users don't need to specify; they're present for 
 completeness only. -->
 <ul>
-<li><codeph><b>8</b></codeph>, which specifies Strong Password
Substitute security. If 
-you specify this mechanism, a strong password substitute is generated and used 
-to authenticate the user with the network server. The original password is 
-never sent in any form across the network.</li>
 <li><codeph><b>9</b></codeph>, which specifies Encrypted UserID
and Encrypted Password 
 security. If you specify this mechanism, both the user ID and the password are 
 encrypted. See "Enabling the encrypted user ID and password security mechanism" 
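
Review bot: removing the item for value 8 leaves the reference with no statement of what happens when an existing connection URL still carries securityMechanism=8. The row deleted from cadminappsclientsecurity.dita said the mechanism can be used only with BUILTIN authentication or with authentication disabled; suggest keeping a short item or note here that says so and directs users to value 9. In the retained item, "UserID" and "user ID" are both used and should be made consistent.
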
@@ -64,7 +60,7 @@ attribute.</li>
 attribute.</p>
 </section>
 <example><title>Example</title>
-<codeblock><b><ph>-- specify Strong Password Substitute security</ph>
-jdbc:derby://localhost/mydb;user=myuser;password=mypassword;securityMechanism=8</b></codeblock>
</example>
+<codeblock><b><ph>-- specify Encrypted UserID and Encrypted Password security</ph>
+jdbc:derby://localhost/mydb;user=myuser;password=mypassword;securityMechanism=9</b></codeblock>
</example>
 </refbody>
 </reference>


